Frequently Asked Questions (FAQ)

FB-ISAO is the Information Sharing and Analysis Organization for the community of faith - all faiths and denominations that do not advocate violence or hate - and their partner and supply chain organizations.

Our Mission: FB-ISAO provides members with information, analysis, and capabilities to help reduce risk while enhancing preparedness, security, and resilience.

We perform our mission across the all-hazards threat environment - including cybersecurity, physical security, public health, and natural disasters - by leveraging our team's expertise and extensive experience in preparedness, operations, and years of support to critical infrastructure Information Sharing and Analysis Centers (ISACs). We collaborate with our members and rely on our unique relationships with government partners, the broader information sharing community, and other entities.

To understand more about information sharing and analysis organizations and FB-ISAO, please read through the Frequently Asked Questions (FAQs) below. If you have additional questions, please contact our team.

What is an “Information Sharing and Analysis Organization” or ISAO?

DHS states: "America’s cyber adversaries move with speed and stealth. To keep pace, all types of organizations, including those beyond traditional critical infrastructure sectors, need to be able to share and respond to cyber risk in as close to real-time as possible. Organizations engaged in information sharing related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States. However, many companies have found it challenging to develop effective information sharing organizations—or Information Sharing and Analysis Organizations (ISAOs). In response, President Obama issued the 2015 Executive Order 13691 directing the Department of Homeland Security (DHS) to encourage the development of ISAOs."

Select, through an open and competitive process, a non-governmental organization to serve as the ISAO Standards Organization. This ISAO Standards Organization will identify a set of voluntary standards or guidelines for the creation and functioning of ISAOs.

Through public open-ended engagements, the ISAO Standards Organization will develop transparent best practices that align with the needs of all industry groups, not just those traditionally represented by ISACs. Although formation and operations standards must still be developed via open-ended public engagement run by the Standards Organization, the ISAO standards are intended to be:

Voluntary – participation in and the formation of ISAOs is not mandatory. Rather, it is meant to be completely optional and voluntary.

Transparent – through a collaborative and transparent process, public and private sector entities will have the opportunity to provide input on the developing standards.

Inclusive – participants from any sector, non-profit or for-profit, expert or novice, should be able to participate in or form their own ISAO.

Actionable – participants will receive a useful and practical set of voluntary standards and best practices to utilize as a guide if they choose to participate in or form an ISAO.

Flexible – any affinity of interest should be able to form ISAOs. Standards are not intended to be so prescriptive as to prevent ISAO formation or harm the current processes of existing information sharing organizations.

EO 13691 complements ongoing DHS information sharing efforts such as the Cyber Information Sharing and Collaboration Program (CISCP), DHS’s flagship program for public-private information sharing. In CISCP, DHS and participating companies share information about cyber threats, incidents, and vulnerabilities. Information shared via CISCP allows all participants to better secure their own networks and helps support the shared security of CISCP partners. Further, CISCP provides a collaborative environment where analysts learn from each other to better understand emerging cybersecurity risks and effective defenses.

What is an “Information Sharing and Analysis Center” or ISAC?

The following is from the National Council of ISACs: "Information Sharing and Analysis Centers (ISACs) help critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency."

The concept of ISACs was introduced and promulgated pursuant to Presidential Decision Directive-63 (PDD-63), signed May 22, 1998, after which the federal government asked each critical infrastructure sector to establish sector-specific organizations to share information about threats and vulnerabilities. Some ISACs formed as early as 1999, and most have been in existence for at least ten years.

ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation. Typically nonprofit organizations, ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.

Most ISACs have 24/7 threat warning and incident reporting capabilities, and may also set the threat level for their sectors. And many ISACs have a track record of responding to and sharing actionable and relevant information more quickly than government partners.

Why is it called FB-ISAO and not FB-ISAC?

Information Sharing and Analysis Centers (ISACs) were created in 1998 under Presidential Decision Directive-63 (PDD-63) to advance the security of designated critical infrastructure sectors – those sectors deemed vital to the well-being of a nation. Information Sharing and Analysis Organizations (ISAOs), first defined in the Homeland Security Act of 2002, are entities or organizations, public or private, formal or informal, non-profit or for-profit, that voluntarily form to share information with each other and are not necessarily tied to critical infrastructure sectors. While the community of faith is an important group for the nation and the government, working closely with government at all levels and with neighboring critical infrastructure in many communities, it is not one of the designated critical infrastructure sectors. As such, we have adopted the broader term, ISAO, to respect the unique mission and role of the critical infrastructure community and their respective ISACs.

What does FB-ISAO do?

FB-ISAO works with organizations across the community of faith to provide and share all-hazards information, analysis, operational coordination, preparedness, and other capabilities - combined with member collaboration and expertise - to help members reduce their risk while enhancing security and resilience. This includes member forums, reports, activities, and liaison to the broader information sharing community including critical infrastructure information sharing and analysis centers (ISACs), other trusted information sharing communities, and government partners at all levels.

Who can join FB-ISAO?

FB-ISAO is open to US citizens that work at faith-focused facilities and organizations (such as churches, temples, mosques, and the organizations and associations that collaborate with those facilities), as well as partner charities and non-profits, and supply chain partners that may not be explicitly focused on the community of faith. FB-ISAO reserves the right to deny membership to organizations that are assessed as advocating violence or hatred.

Why is membership limited to US citizens?

Due to the trusted relationships we have with our government partners and information sharing restrictions, we will only allow US citizens to join member groups and access FB-ISAO and partner reports. Some information, when appropriately marked, may be further distributed.

Why is belonging to FB-ISAO important?

Being a member of FB-ISAO can extend the scope and capabilities of your organization's security and risk management activities, bolster threat and risk awareness and preparedness capabilities, and connect you to organizations and insights that may not be readily available to individual organizations, particularly smaller faith-based organizations with limited staff. FB-ISAO is a “force multiplier.” Our adversaries – extremists of all stripes, cyber criminals, and others – share their tactics, techniques, and procedures to outsmart and out-maneuver us individually. Together, as we share information and cyber threat intelligence across the community, we decrease attackers’ chances of success.

How much does it cost to join?

FB-ISAO applies a tiered model based on organizational size and type. To see that model, click here.

Why is there a fee for being a member?

As with most ISACs and ISAOs, FB-ISAO is a non-profit organization sustained by membership dues. We do not receive any government funding. FB-ISAO offers a variety of value-added services that are time and resource intensive. These value-added services focus on providing our members with pertinent and timely information and analysis, much of which is not available to the general public.

How does my organization become a member?

To become an FB-ISAO member, an organization must:

Complete a Membership Agreement. This includes FB-ISAO’s review of the organization to ensure it meets the profile of an FB-ISAO member;

At that point, full membership is activated. This process can be completed in weeks depending on the organization's internal processes. A typical on-boarding period is approximately 60 days from initiation of membership to receipt of user credentials.

What happens when my organization joins?

Your organization will be granted security credentials for FB-ISAO. FB-ISAO staff will coordinate and conduct a new member on-boarding orientation meeting with your organization’s team to ensure a comprehensive understanding of FB-ISAO member services.

Does any government agency have access to the database?

No. Information may be shared from FB-ISAO with government partners and organizations, but only with the submitting organization's explicit approval, under the agreed-to Traffic Light Protocol (see below) designation, and with or without member attribution, as desired by the member.

What is TLP (Traffic Light Protocol)?

TLP is a commonly used best practice. The US Department of Homeland Security notes that TLP “was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience.” Most ISACs and many international organizations use a TLP to quickly articulate information sharing permissions. More general information can be found here.

How do member organizations benefit from sharing with each other?

Members can share on a real-time basis and then take that information, intelligence, and analysis and use it in their environments to prevent, protect against, mitigate, respond to, and recover from the cyber, physical, health, and natural threats and hazards that pose the greatest risk. Extremists and cyber threat actors share information. To counter their efforts and enhance our own security, preparedness, and resilience, we do too!